ktg-plugin-marketplace

open/ktg-plugin-marketplace

Fork 0

Commit graph

Author	SHA1	Message	Date
Kjell Tore Guttormsen	b95d85bb4c	feat(post-mcp-verify): E4 — scan markdown link titles for injection Adversarial payloads in markdown link title attributes (rendered as tooltips, parsed by agents) bypassed the existing HTML-content checks which gated on `<tag>` presence. Pattern: [text](url "title"). Adds linkTitleRegex extraction to the HTML-content block, runs each captured title through scanForInjection, emits at the strongest tier encountered with category markdown-link-title-injection. +3 tests (62 → 62 in post-mcp-verify.test.mjs file, was 59). Refs: Batch B Wave 4 / Step 9 / v7.2.0	2026-04-29 14:52:30 +02:00
Kjell Tore Guttormsen	f93d6abdae	feat: initial open marketplace with llm-security, config-audit, ultraplan-local	2026-04-06 18:47:49 +02:00

Author

SHA1

Message

Date

Kjell Tore Guttormsen

b95d85bb4c

feat(post-mcp-verify): E4 — scan markdown link titles for injection

Adversarial payloads in markdown link title attributes (rendered as
tooltips, parsed by agents) bypassed the existing HTML-content checks
which gated on `<tag>` presence. Pattern: [text](url "title").

Adds linkTitleRegex extraction to the HTML-content block, runs each
captured title through scanForInjection, emits at the strongest tier
encountered with category markdown-link-title-injection.

+3 tests (62 → 62 in post-mcp-verify.test.mjs file, was 59).

Refs: Batch B Wave 4 / Step 9 / v7.2.0

2026-04-29 14:52:30 +02:00

Kjell Tore Guttormsen

f93d6abdae

feat: initial open marketplace with llm-security, config-audit, ultraplan-local

2026-04-06 18:47:49 +02:00

2 commits